Security Mock question

An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

hi ranchers,

The correct answer is H, but I am confused why the "Confidentiality" is also used here.

Authorization: what the identified party is allowed to do within a web-application

Data integrity: the means used to prove that information has not been modified by a third party while in transit

Data privacy: the means to ensure that information is made available only to users who are authorized to access it

then the following apply: Authentication, Authorization, Data privacy
Confidentiality is just another word for Data privacy.

Regards,
Frits

Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239

posted Jun 04, 2010 07:46:12

0

Thanks Frits, can I understand your meaning as the following example?
Department A can access the Dept A web resource. ---- That is Authorization.
Department B can't access the Dept A web resource. ---- That is Confidential.